ASSESSMENT REPORT 08-12

ASSESSMENT OF GPO’S TRANSITION PLANNING FOR INTERNET PROTOCOL VERSION 6

September 30, 2008

OFFICE OF INSPECTOR GENERAL

Memorandum
OFFICE OF THE INSPECTOR GENERAL
WASHINGTON, DC 20401

DATE: September 30, 2008

REPLY TO ATTN OF: Assistant Inspector General for Audits and Inspections

SUBJECT: Final Report on Assessment of GPO’s Transition Planning for Internet Protocol Version 6
Report Number 08-12

TO: Chief Information Officer

The Office of the Inspector General (OIG) has completed an assessment of GPO’s planning for the transition from Internet Protocol version 4 (IPv4) to version 6 (IPv6).[1] The Office of Management and Budget (OMB) recently announced that all Executive branch agencies reported meeting a June 30, 2008 deadline for successfully demonstrating IPv6 capability for their network backbones. While GPO was not required to meet the OMB deadline, IPv6 capability will provide certain benefits to GPO as industry provides products and services that are IPv6-enabled.

This report contains two recommendations made by the OIG to enhance planning for the IPv6 transition at GPO, and management’s response to those recommendations. Our evaluation of management’s response has been incorporated into the body of the report and is included in its entirety in Appendix A. We consider management’s proposed actions responsive to each of the recommendations. Recommendation 1 will remain open for reporting purposes until the proposed corrective action is completed. We are closing recommendation 2 upon issuance of this final report.

Background

IPv6 is a developing protocol and industry is currently designing products and services to use features of IPv6 beyond increased address space. Anticipated benefits of IPv6 include:

• Labeling IPv6 information channels for special handling, such as higher qualities of service[2], and
• Better authentication, data integrity, and data confidentiality.[3]

OMB Memorandum Number 5-22 required all Executive Branch agencies to prepare individual agency routing services to be compatible with IPv6 routing[4] by June 30, 2008. The memorandum does not require that agencies discontinue or block IPv4 routing; rather it is intended to have agencies build out IPv6 services from their core network routing infrastructures.

The National Institute of Standards and Technology (NIST) produced detailed technical guidance informing agency transition planners of options available to get IPv6 services minimally functional at their agency. Additionally, the CIO Council authored a set of minimum requirements known as the “Demonstration Plan” to provide agencies with compliance testing criteria specifically at core edge routing devices.[5] Finally, NIST will issue a standards document in the near future that will detail the federal requirements for secure and interoperable network products in the global IPv6 marketplace.

While GPO is not required to comply with OMB requirements, IPv6 compliance is important because IPv4 address allocations are a finite resource. The American Registry for Internet Numbers[6] reports that approximately 19 percent of the IPv4 address space remains. While it does not appear that GPO will exhaust its address space anytime soon, the Internet at large will and therefore a shift to IPv6 services is highly likely.[7] Because information exchange is critical to GPO’s transition to a modern digital agency, GPO should be capable of communicating with other federal agencies and public sources that successfully transition to IPv6. Therefore, GPO should be planning for the establishment of secure, shared IPv6-enabled network services during regular technology upgrade cycles. As new GPO business processes are established, IPv6 capabilities to foster security and robustness should be considered.

[1] Internet routing protocols are used to exchange information across the Internet. The services are transparent to the user of the computer and are built using a layered approach. Protocols are standards that define how computer data is formatted and received by other computers.
[2] Quality of service features allow for routing of services that cannot withstand any disruption in the flow of information. For example, voice and video conversations cannot withstand long and choppy pauses and therefore require constant information flow through the network.
[3] Authentication in computing is verifying the identity of a subject requesting the use of a system and/or access to a network resource. Data integrity ensures the data is valid and accurate as intended. Confidentiality serves to keep information secret and readable to intended recipients.
[4] Internet routing is one of the five layers of the Internet protocols. It allows computers to be identified uniquely across great distances of physical separation and distinct computing hardware and software.
[5] The router that connects the agency directly to Internet routers.
[6] The American Registry for Internet Numbers is one of five Regional Internet Registries. The Regional Internet Registries control the allocation of IP addressing for the world.
[7] As of January, 2008 GPO owned enough IP addresses to allocate up to 16,384 independent routing devices and 65,534 independent client and server addresses.

Findings

GPO plans to transition to IPv6 as part of a broad acquisition plan to update its IT infrastructure. Specific target dates for these updates have not been finalized. The OIG believes that the planned transition is a good long-term approach. In the short term, GPO should consider implementing OMB’s minimum IPv6 requirement, the NIST-defined dual stack,[8] at its core edge routers. Implementing this minimum requirement will ensure that technical resources such as GPO’s new Federal Digital System (FDsys) are capable of ingesting information from IPv6 sources.

GPO does not have a large set of edge core routers. Two active routers support GPO Headquarters operations, and one router supports the new Secure Production Facility in Mississippi. GPO’s Information Technology and Systems network personnel are capable of programming the IPv6 dual stack into the core edge routers. A dual stack implementation will allow GPO to add IPv6 routing and services slowly across its internal network.

Recommendations

The GPO Chief Information Officer should:

Recommendation 1. Require implementation of the NIST-defined dual stack methodology at GPO’s core edge routing devices.

Management’s Response. Concur. The GPO network modernization project will ensure that this requirement is fully implemented at all edge routing devices in the GPO network.

Evaluation of Management’s Response. Management’s planned action is responsive to the recommendation. The recommendation is resolved but undispositioned, and will remain open for reporting purposes until the proposed action is completed. The complete text of management’s response is in Appendix A.

Recommendation 2. Establish an IPv6 assessment team to monitor the availability of IPv6 products and services and make recommendations on how GPO can best leverage the benefits of IPv6.

Management’s Response. Concur. This will be done as part of the GPO network modernization project, which is funded and is now underway (see Appendix A).

Evaluation of Management’s Response. Management’s planned action is responsive to the recommendation. We are closing the recommendation upon issuance of this report.

[8] An Internet Node capable of communicating using either or both of IPv4 and IPv6.

We appreciate GPO management’s cooperation during the assessment. If you have any further questions concerning this report, please contact Mr. Brent Melson, Deputy Assistant Inspector General for Audits and Inspections, at (202) 512-2037, or me at (202) 512-2009.

(Original signed by)

Kevin J. Carson
Assistant Inspector General for Audits and Inspections

cc:
Chief of Staff
Chief Management Officer
Chief Technology Officer

Appendix A. Management’s Response

Appendix B. Status of Recommendations

Recommendation No.   Resolved   Unresolved   Open/ECD*   Closed
1                    X                       TBD
2                    X                                   X
*Estimated Completion Date